Exelysis Unified Communication Solutions 跨站脚本漏洞

Exelysis Unified Communication Solutions EUCS is a unified communication solution from Exelysis, Inc. A security vulnerability exists in Exelysis Unified Communication Solutions version v.1.0, which stems from the presence of a cross-site scripting CSS vulnerability that could allow an attacker t...

CVE-2023-29837

The CVE describes a Cross-Site Scripting (XSS) vulnerability in Exelysis Unified Communication Solution (EUCS) v1.0. The issue affects the eucsAdmin login web page, where an attacker can craft a URL path to execute scripts, potentially enabling remote privilege gain. The NVD/CVE metadata indicate...

CVE-2023-29836

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions EUCS v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form...

CVE-2023-29836

Exelysis EUCS v1.0 has a cross-site scripting vulnerability that can allow a remote attacker to gain privileges via the eucsAdmin login URL path. Related entries CVE-2023-29836 and CVE-2023-29837 describe the same issue. Some sources (PT-2023-22437) provide temporary mitigations (restrict access ...